APAR status

Closed as program error.

Error description

Local fix

Level 3 to update

Problem summary

ArrayIndexOutOfBoundsException happens in isSet() method of
NetscapeCertTypeExtension.java. The exception occurs if value
of "position" is greater than or equal to length of bitString
array.
private boolean isSet(int position) {
if (debug != null) {
debug.entry(Debug.TYPE_PRIVATE, className, "isSet",
new Integer(position));
debug.exit(Debug.TYPE_PRIVATE, className, "isSet",
bitString[position]);
}
return bitString[position];
bitString is a boolean array obtained from DER encoded value of
the NetscapeCertType extension present in the certificate.
bitString represents the status of the attributes of
NetscapeCertType extension. The various attributes of
NetscapeCertType extension and their positions are listed
below:
SSL_CLIENT, 0
SSL_SERVER, 1
S_MIME, 2
OBJECT_SIGNING, 3
bit 4 is reserved
SSL_CA, 5
S_MIME_CA, 6
OBJECT_SIGNING_CA, 7
The DER value for NetscapeCertType extension of our certificate
is { 3, 2, 6, 64)
3 -> Tag which indicates BitString
2 -> length of the value
6 -> Number of bits to be ignored starting from least
significant
64 (0x40)-> decimal representation of the binary BITSTRING
(0100 0000) : Here each bit represents the Status of
attributes of NetscapeCertType extension. The first bit being 0
indicates that SSL_CLIENT is not set. The second bit being 1
indicates that SSL_SERVER attribute is set.
While converting the DerValue to Bitstring, the length of the
BitString would be 2 (as 6 bits towards right are ignored). So
the BitString would be (0,1)which is appropriate.
---------------------------------------------
Now in isSet() routine, while querying for an attribute, it
returns bitString[position]. If position of the attributes
exceeds the length of the bitString, it results in
ArrayIndexOutofBoundsException. For our certificate, the
exception would be thrown, while querying for all the attributes
from S_MIME to OBJECT_SIGNING_CA.